IOMETE Release Notes
v3.11.1
🚀 New Features
- Hybrid Log Retrieval with Kubernetes Hot Storage:
  - We have added hot storage support, allowing recent logs to be served directly from Kubernetes whenever pod logs are available. The system automatically falls back to external storage such as Splunk, Loki, or Elasticsearch if pod logs are not found.
  - This configuration is only valid when using external log sources (Splunk, Loki, or Elasticsearch). Kubernetes cannot be used as a log source together with hot storage.
  - Helm configuration example for Splunk (`values.yaml`):

    ```yaml
    logging:
      source: "splunk" # splunk | loki | elasticsearch
      splunkSettings:
        endpoint: "https://splunk.example.com"
        token: "bearer-token" # bearer token created in Splunk Settings -> Tokens
        indexName: "main"
      hotStorage:
        enabled: true
        source: "kubernetes" # currently only kubernetes is supported
    ```

  - Notes:
    - Ensure Kubernetes log retention is configured to cover the time ranges you care about; once pods are gone, logs will only be available in external storage.
    - If `hotStorage.enabled: false`, all requests use the external integration if configured.
🐛 Bug Fixes
- Fixed a missing YAML document separator (`---`) that caused both the `spark-log-masking-regexes` and `priority-class-mappings` ConfigMaps to be invalid and not created during Helm upgrades.
- Fixed an issue where the `useSparkConnectForDbExplorer` feature flag was not respected in the frontend, causing DB Explorer to use v2 APIs (using the compute cluster for metadata retrieval) instead of the intended Spark Connect service.
v3.11.0
🚀 New Features
- IOMETE Spark: Spark version `spark-3.5.5` is now the default version.
- PriorityClass Mappings: Implemented PriorityClass mappings, which let administrators configure priority class mappings in Helm charts (see the sketch below).
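  A hypothetical `values.yaml` sketch of what such a mapping could look like; the key name and structure here are illustrative assumptions, not the chart's documented schema:

  ```yaml
  # Illustrative only: the key and PriorityClass names below are assumptions.
  priorityClassMappings:
    HIGH: iomete-high-priority      # hypothetical Kubernetes PriorityClass
    NORMAL: iomete-normal-priority  # hypothetical Kubernetes PriorityClass
  ```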
- Log Management:
  - Built the Executor Logs feature, enabling real-time viewing of compute and Spark job executor logs in the UI.
  - Added support for downloading logs from external logging systems, including Splunk, Loki, and EFK.
- Tag Filtering on Spark/Streaming Job List: You can now search and filter the Spark/Streaming job list by resource tags.
- New SQL Chart Types: You can now visualize SQL query results with Pie Charts, Scatter Plots, Treemaps, and Composed Charts.
- Parent-Child Relationship for Groups:
  - On the Group Details page, users can now see both their directly assigned and parent groups.
  - Added two tabs:
    - Sub groups (Inheriting to)
    - Parent groups (Inherited from)
  - The same updates apply to Domain Group Members.
  - Note: Currently, group relationships apply only to LDAP members.
⚡ Improvements
- Job Orchestrator:
  - Job Priority Restrictions:
    - Only Domain Admins can upgrade jobs to HIGH priority.
    - Regular users can manage NORMAL jobs, edit HIGH jobs, and downgrade them to NORMAL.
    - Existing jobs and normal operations remain unaffected.
  - Worker Deployment Changes: Workers moved to their respective data planes, with reduced resource usage and per-namespace configurations added.
  - Spark Job Quota Enhancements: Added PriorityClass quota support; the system now applies the most restrictive limit across namespace and job-specific quotas for CPU, Memory, and Pods.
- API Improvements: Token management operations are now exposed in the API / Swagger.
🐛 Bug Fixes
- Fixed an issue where resource quotas on the homepage picked up the priority class quota instead of the namespace quota.
- Fixed an issue where the `USE` command on a catalog failed with `access_denied` when the user had access to only specific databases, by adding proper catalog-level `USE` privilege support.
v3.10.2
🐛 Bug Fixes
- Fixed an issue where the `spark.dynamicAllocation.enabled` flag was always set to false.
- Fixed an issue where `spark.executor.instances` was set to 1 even when dynamic allocation was disabled.
- Fixed an issue where users could not query a view when they lacked permission on the underlying table, even though they had permission on the view itself.
- Disabled the `delete table` button in the Database Explorer within the SQL Editor sidebar.
v3.9.3
🐛 Bug Fixes
- Patched `antiAffinity` rules: customers can now configure soft affinity rules for Spark driver pods to help distribute them across nodes and reduce the probability of most drivers ending up on the same node. This can be enabled by setting the flag `iometeSparkDriverAntiAffinity.enabled` to `true` in `values.yaml` during installation.
- The `iom-core` pod now dynamically reloads any `docker.tagAliases` defined in `values.yaml`, removing the need to restart the pod.
v3.10.1
🐛 Bug Fixes
- Fixed an issue where column descriptions and tags were being unintentionally overridden by the catalog-sync job.
  - Descriptions will now be preserved if already present.
  - Tags from the sync job will be merged with existing tags instead of replacing them.
- Added validation of tag and label names based on the rules mentioned here.
  - Validation is enforced at the API level, so integrated tools are validated as well.
  - Validation is also applied at the UI level, so users are informed about valid syntax formats.
v3.10.0
🚀 New Features
- Job Orchestrator [Beta]: This is the beta release of our broader initiative to bring orchestration to IOMETE. To enable it, set the flag `jobOrchestrator.enabled` in `values.yaml` (see the snippet below).
  - Priority-based Scheduling: Users can now prioritize the scheduling of business-critical jobs over regular-priority jobs.
  - Resource-aware Execution: Jobs are only submitted when there is sufficient cluster capacity, helping prevent failed or stuck jobs.
  - Built-in Observability: We've added rich metrics to monitor queue state, job wait times, and scheduling patterns in real time.

  For an in-depth overview, check out the official press release.
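  A minimal `values.yaml` snippet for enabling the beta; the nesting is inferred from the flag's dotted path:

  ```yaml
  jobOrchestrator:
    enabled: true
  ```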
- Jupyter Containers [Beta]: Jupyter Containers is a powerful new feature that brings familiar Jupyter development environments directly into your IOMETE Platform. This enhancement enables data engineers and analysts to spin up dedicated, pre-configured Jupyter environments with just a few clicks. Key highlights:
  - Create isolated Jupyter containers with customizable resource allocation.
  - Each container comes with JupyterLab pre-installed and ready to use. Click "Open JupyterLab" to access the Jupyter environment directly from the IOMETE UI.
  - Pre-installed Spark libraries for immediate access to distributed computing.
  - Direct connectivity to IOMETE compute clusters via Spark Connect.
  - Essential developer tools pre-installed: git, AWS CLI, sparksql-magic, pandas, and other libraries and extensions.
  - Authentication: Use your IOMETE username as the default token. Optionally, set up a password to protect sensitive files within the container.

  Platform admins can enable it during installation by setting `jupyterContainers.enabled` in `values.yaml` (see the snippet below).
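  A minimal `values.yaml` snippet; the nesting is inferred from the flag's dotted path:

  ```yaml
  jupyterContainers:
    enabled: true
  ```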
  For more details, please refer to the Jupyter Containers user guide: Jupyter Containers - Developer Guide.
- LDAP Group Inheritance: Group hierarchies synced from LDAP are now taken into account when evaluating Data Security policies. Groups inherit data policies from parent groups in the same way users inherit them.
  - For example, in the diagram below, any data policies applied to the "Data Science Team" will also apply to the "ML Engineers" and "Data Analysts" groups, in addition to any policies directly assigned to those child groups.
  - This behavior is enabled by default in IOMETE. It can be disabled by setting the feature flag `ldapGroupInheritance.enabled` to `false` in `values.yaml` during Helm installation (see the snippet below).
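    A minimal `values.yaml` snippet for opting out; the nesting is inferred from the flag's dotted path:

    ```yaml
    ldapGroupInheritance:
      enabled: false  # inheritance is enabled by default
    ```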
- Activity Monitoring: We are releasing the beta of our own Spark Query Plan viewer. You no longer need to access the Spark UI to view query plans! Enable this feature via `activityMonitoringQueryPlans.enabled` in `values.yaml` during installation (see the snippet below).
  - Improved visualization of shuffle metrics on the Query Monitoring Details page.
  - Domain owners can now view and cancel all queries within their domain, while regular users can only see and cancel their own queries.
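  A minimal `values.yaml` snippet; the nesting is inferred from the flag's dotted path:

  ```yaml
  activityMonitoringQueryPlans:
    enabled: true
  ```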
⚡ Improvements
- IOMETE Spark: Customers can now configure soft affinity rules for Spark driver pods to help distribute them across nodes and reduce the probability of most drivers ending up on the same node. This can be enabled by setting the flag `iometeSparkDriverAntiAffinity.enabled` to `true` in `values.yaml` during installation (see the sketch after this list).
- Moved hardcoded `iom-openapi` pod resource settings into `values.yaml` in the Helm chart for easier customization.
- The number of applications shown on the Spark History summary page is now configurable. Set this in `values.yaml` under `services.sparkHistory.settings.maxApplications`. See the Spark property `spark.history.ui.maxApplications` for more information.
- Added a new option in the SQL Editor's Database Explorer to delete tables directly from the Iceberg REST Catalog. This is useful when a table is corrupted and Spark cannot delete it. The user must have `DROP TABLE` privileges to perform this operation.
- Added a context menu with `Close` and `Close All` options to SQL Editor worksheet tabs for quickly closing the current or all tabs.
- Tags attached to Spark jobs are now propagated to the corresponding Kubernetes pods as labels. This enables resource management or categorization based on job-specific tags.
🐛 Bug Fixes
- Added support for configuring the maximum allowed cookie size for HTTP requests. This is useful for customers encountering issues with large cookies. Set the value via `services.gateway.settings.maxCookieSize` in `values.yaml` (default: `128k`; see the sketch after this list).
- Fixed an issue with access token renewal when executing SQL queries.
- Patched the data-plane init job to ensure the metastore starts correctly post-install when special characters are used in the PostgreSQL password.
- Fixed a bug where updates to LDAP settings were not reflected in periodic LDAP syncs.
- Minor fix to ensure the `iom-catalog` service consistently appears on the health check page.
- Git Repositories in the SQL Editor now support subgroups in GitLab.
- Allow trailing semicolons in Iceberg CALL statements for better Spark SQL compatibility.
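A `values.yaml` sketch for the cookie-size setting mentioned above; the nesting is inferred from its dotted path, and the value shown is a placeholder:

```yaml
services:
  gateway:
    settings:
      maxCookieSize: 256k  # default is 128k; raise only if large cookies cause errors
```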
v3.9.2
⚡ Improvements
- Job resource accounting using tags: Tags attached to Spark jobs are now propagated to the pods as labels, which can be used for resource management of jobs categorized by specific tags.
🐛 Bug Fixes
- Moved hardcoded `iom-openapi` pod resource settings to `values.yaml` in the Helm chart.
- Fixed an access token renewal issue when executing SQL queries.
- Fixed a bug where LDAP settings updates were not reflected in periodic LDAP syncs.
v3.9.1
🐛 Bug Fixes
- Fixed an issue where queries run from the SQL Editor were missing automatic `LIMIT` clauses. This was resolved by updating `defaultSparkVersion` in the default Helm chart (`v17`), as older Spark image versions did not enforce limits correctly.
- Removed unintended debug logging from the `iom-socket` pod to reduce log noise.
v3.9.0
🚀 New Features
- Sensitive data improvements on the UI: Users can now mark variables in the global Spark settings as "sensitive", which shows them redacted on the UI going forward.
- On installation, admins can specify `docker.sparkLogMaskingRegexes` in `values.yaml` to help mask sensitive data shown in compute logs. This should be specified as named key-value pairs; in the example below we mask passwords, Vault tokens, and ports:

  ```yaml
  docker:
    sparkLogMaskingRegexes:
      password_mask: "(?i)(password\\s*=\\s*)[^&\\s]+"
      vault_token_mask: "(?i)(vault\\s*token\\s*[:=]\\s*)(s\\.[a-zA-Z0-9]{20,})"
      port_mask: "(?i)(on\\s+port\\s+)(\\d{2,5})"
  ```
⚡ Improvements
- UI Improvements: The SQL editor in the IOMETE console now supports multiple tabs. Each tab can be configured with a different compute/catalog/database combination.
🐛 Bug Fixes
- Fixed a bug in the IOMETE Console that prevented Jupyter kernel configurations from displaying.
- Patched the logic behind the "Cancel" action in the SQL Editor to prevent it from hanging.
- The `iom-core` pod now dynamically reloads any `docker.tagAliases` defined in `values.yaml`, removing the need to restart the pod.
- Fixed issues that could prevent scheduled Spark applications from sending failure notifications.
v3.8.2
🐛 Bug Fixes
- Minor bug fix on the IOMETE Console that prevented Jupyter kernel configurations from showing.
v3.7.3
🐛 Bug Fixes
- Patched the logic behind the "Cancel" action in the SQL Editor to prevent it from hanging.
- The `iom-core` pod now dynamically reloads any `docker.tagAliases` defined in `values.yaml`, removing the need to restart the pod.
- Fixed issues that could prevent scheduled Spark applications from sending failure notifications.
v3.8.1
🚀 New Features
- Notifications: We added the ability for users to select the type of security to use when connecting to their SMTP server.
🐛 Bug Fixes
- Fixed a bug where users were not able to use the "restart" button for Compute clusters.
- We added pagination to tables in the data explorer and data catalog.
v3.8.0
🚀 New Features
- IOMETE Spark: IOMETE Spark version `3.5.5-v1` is now available for testing! We recommend configuring it in the `docker.additionalSparkVersions` section of `values.yaml` during installation. This enables users to select this version as a custom image when setting up a lakehouse. You can also use it as the base image for your Spark jobs.
- We released a patch for IOMETE Spark `3.5.3-v14` that fixes an issue preventing it from starting correctly when feature flags for Activity Monitoring were not enabled.
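For example, following the pattern shown in the v3.7.0 notes below, the test version could be offered alongside existing images; the exact version list here is illustrative:

```yaml
docker:
  additionalSparkVersions: [3.5.3-v14, 3.5.5-v1]  # illustrative; list the versions you want selectable
```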
🐛 Bug Fixes
- Fixed a bug introduced in version `3.7.0` that prevented IOMETE from being installed from scratch if `docker.tagAliases` was not explicitly set in `values.yaml`.
- When users are not allowed to view certain columns in a table, the error message now correctly lists the columns they do have access to, instead of the generic "access denied" message previously shown in the SQL Editor.
- Improved the IOMETE REST Catalog to better handle high load and avoid out-of-memory errors.
- Added pagination to the LDAP sync job to prevent oversized requests and ensure all users and groups can be synchronized to IOMETE in manageable chunks.
- Made a small update to worksheet duplication to avoid naming conflicts when a duplicate already exists.
- Proper support has been added for `-` and `.` characters in secret names.
- Restored the `Runs as user` field in the Spark Applications section to indicate the privileges under which a job was executed.
v3.7.0
🚀 New Features
- Activity Monitoring:
  - Users can now only view their own queries within a domain, enhancing data privacy and security.
  - A new Shuffle Metrics section has been added to the Query Monitoring Details page, providing deeper insights into query performance.
  - We've also introduced Total Memory Spilled to the Performance Metrics section, helping users better diagnose memory-intensive queries.
- IOMETE Spark:
  - Administrators can now define Docker image tag aliases using the `docker.tagAliases` field in the `values.yaml` file of the Helm chart used during installation. These aliases simplify image version management for Spark jobs configured in the IOMETE console, allowing teams to reference a friendly name (like `stable` or `experimental`) instead of specific tags. A dedicated UI for managing these aliases is planned for a future release.
  - Users can now select specific IOMETE Spark images when running jobs on compute clusters. The list of selectable images is configurable via the `docker.additionalSparkVersions` field in the same `values.yaml` file.
  - During installation, administrators can configure Docker image tag aliases in the `docker.tagAliases` section of the `values.yaml` file. These aliases can be referenced when setting up Spark jobs in the IOMETE console. For example, aliases like `stable` and `experimental` can point to specific versions:

    ```yaml
    docker:
      tagAliases:
        stable: 4.2.0
        experimental: latest
    ```

    We intend to move the configuration of these aliases from the Helm chart to the IOMETE console in a future release.
  - In addition to tag aliases, administrators can control which IOMETE Spark images are available for compute clusters. The `docker.defaultSparkVersion` field defines the default image used at startup, while `docker.additionalSparkVersions` allows users to choose from a list of alternative versions. This enables testing of new Spark versions or fallback to older ones if issues arise. For example:

    ```yaml
    docker:
      defaultSparkVersion: 3.5.3-v12
      additionalSparkVersions: [3.5.3-v11, 3.5.3-v13, 3.5.5-v1]
    ```
⚡ Improvements
- Spark jobs now explicitly set the `SPARK_USER` environment variable on their Kubernetes pods to ensure jobs run under the intended user and to avoid Spark falling back to the OS default under specific circumstances.
- We've improved the retry logic for Spark Connect authentication to reduce failures caused by temporary issues.
- UI Improvements: We moved job notifications to a separate tab on the Job Details page.
🐛 Bug Fixes
- In the Query Monitoring section, users within a domain can now only view their own queries for security reasons. Administrators retain the ability to view all queries across users via the Query Monitoring page in the Admin Portal.
- When registering an Iceberg table via the SQL Editor, we now select the metadata file with the latest timestamp, rather than the one with the highest lexicographical name. This ensures that the most recent schema and snapshot information is used, addressing issues where compactions could cause the lexicographical order to be out of sync with the actual modification time.
- Fixed an issue where adding or removing notifications from a job would cause the schedules of scheduled jobs to be unintentionally reset.
v3.6.0
🚀 New Features
- Activity Monitoring: Spark job metrics can now be automatically archived to the IOMETE system table `activity_monitoring_spark_jobs` in Iceberg when the feature flag `sparkJobArchival` is enabled (see the snippet below).
- Spark Job Archival: Added new feature flags to archive Spark job statistics. If set, Spark job statistics will be periodically archived to the IOMETE system table `activity_monitoring_spark_jobs` in Iceberg.
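A minimal `values.yaml` snippet for the archival flag; whether it is a bare boolean or nests under `enabled` is an assumption here, so consult your chart's values for the exact shape:

```yaml
sparkJobArchival:
  enabled: true  # assumed nesting; the flag name itself comes from the notes above
```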
⚡ Improvements
- UI Improvements:
  - Removed the option to set the number of executors when running in single-node mode, as it is not applicable in driver-only configurations.
  - Fixed a bug that could prevent worksheet creation in the SQL Editor.
- IOMETE Spark now treats all catalogs used in queries as case-insensitive. This behavior can be disabled by setting the Spark configuration `spark.iomete.lowercaseCatalogNames.enabled` to `false` at the cluster or global level (see the sketch below).
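  A sketch of how the override might look among a cluster's Spark settings; the `sparkConf` key is hypothetical and stands in for wherever your deployment accepts Spark configuration overrides:

  ```yaml
  sparkConf:  # hypothetical placement for Spark configuration overrides
    "spark.iomete.lowercaseCatalogNames.enabled": "false"
  ```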
🐛 Bug Fixes
- Patched SMTP handling to automatically detect whether SSL/TLS should be used based on the SMTP port.
- Fixed an issue where some pods did not initiate leader election after losing leadership, causing IOMETE internal maintenance jobs to stop running.
- Fixed an issue where Spark status events were intermittently not sent to the frontend due to leader election instability.
- Fixed an issue where the iom-identity pod intermittently returned incorrect permissions for tag-mask policies.
- Fixed a permission enforcement issue in Spark Connect where queries using `spark.sql(...).explain(...)` did not correctly validate the permissions of the user issuing the request. This did not affect queries of the form `spark.sql("EXPLAIN ...")`.
- Restored logging functionality for the iom-socket pod.
v3.4.2
🐛 Bug Fixes
- Fixed an issue where the iom-identity pod intermittently returned incorrect permissions for tag-mask policies.
- Restored logging functionality for the iom-socket pod.
v3.5.1
🐛 Bug Fixes
- Scheduled Data Compaction jobs now support namespaces other than the default.